mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-23 14:01:43 +03:00
864 lines
69 KiB
Plaintext
864 lines
69 KiB
Plaintext
{
|
||
"blocks": {
|
||
"_start": {
|
||
"name": "Start",
|
||
"desc": "Starting Block",
|
||
"code": "print \"Script Started\""
|
||
},
|
||
"_end": {
|
||
"name": "End",
|
||
"desc": "Ending Block",
|
||
"code": ":end\r\njump :SkipPullSystemStatus PullSystemStatus \"!=\" 1\r\nPullSystemStatus\r\n:SkipPullSystemStatus\r\njump :SkipPullEventLog PullEventLog \"!=\" 1\r\nPullEventLog\r\n:SkipPullEventLog\r\njump :SkipPullAuditLog PullAuditLog \"!=\" 1\r\nPullAuditLog\r\n:SkipPullAuditLog\r\njump :SkipPullCertificates PullCertificates \"!=\" 1\r\nPullCertificates\r\n:SkipPullCertificates\r\njump :SkipPullWatchdog PullWatchdog \"!=\" 1\r\nPullWatchdog\r\n:SkipPullWatchdog\r\njump :SkipPullSystemDefense PullSystemDefense \"!=\" 1\r\nPullSystemDefense\r\n:SkipPullSystemDefense\r\njump :SkipPullHardware PullHardware \"!=\" 1\r\nPullHardware\r\n:SkipPullHardware\r\njump :SkipPullUserInfo PullUserInfo \"!=\" 1\r\nPullUserInfo\r\n:SkipPullUserInfo\r\njump :SkipPullRemoteAccess PullRemoteAccess \"!=\" 1\r\nPullRemoteAccess\r\n:SkipPullRemoteAccess\r\nprint \"Script Completed\""
|
||
},
|
||
"AMT-Accounts-AddDigestUser": {
|
||
"name": "Accounts - Add Digest User",
|
||
"desc": "Add a new digest user account to Intel AMT",
|
||
"code": "# Get the DigestRealm\r\njump :SkipDigestRealm-%%%~%%% DigestRealm \"!=\"\r\nprint \"Fetching digest realm...\"\r\nsplit ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset DigestRealm wsman_answer.AMT_GeneralSettings.response.DigestRealm\r\n:SkipDigestRealm-%%%~%%%\r\n\r\n# Create account\r\nset AccountName \"%%%name%%%\"\r\nset AccountPass \"%%%password%%%\"\r\nset digest \"{AccountName}:{DigestRealm}:{AccountPass}\"\r\nmd5 digestmd5 digest\r\nbtoa digestmd5 digestmd5\r\njsonparse wsargs \"%7B %22DigestUsername%22:%22{AccountName}%22, %22DigestPassword%22:%22{digestmd5}%22, %22AccessPermission%22:%%%accessPermission%%%, %22Realms%22:[%%%realms%%%] %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"AddUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Account {AccountName} create: {AMT_AuthorizationService.Body.ReturnValueStr}\"\r\n\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
|
||
"vars": {
|
||
"name": {
|
||
"name": "Name",
|
||
"desc": "Name of the user account to create",
|
||
"type": 1,
|
||
"maxlength": 30,
|
||
"value": ""
|
||
},
|
||
"password": {
|
||
"name": "Password",
|
||
"desc": "Password of the user account to create",
|
||
"type": 4,
|
||
"maxlength": 30,
|
||
"value": ""
|
||
},
|
||
"accessPermission": {
|
||
"name": "Access Permission",
|
||
"desc": "Set account to be local, remote or both",
|
||
"type": 3,
|
||
"values": {
|
||
"0": "Local only",
|
||
"1": "Network only",
|
||
"2": "All (Local & Network)"
|
||
},
|
||
"value": "2"
|
||
},
|
||
"realms": {
|
||
"name": "Realms",
|
||
"desc": "Set account permissions",
|
||
"type": 5,
|
||
"values": {
|
||
"2": "Redirection",
|
||
"3": "PT Administration",
|
||
"4": "Hardware Asset",
|
||
"5": "Remote Control",
|
||
"6": "Storage",
|
||
"7": "Event Manager",
|
||
"8": "Storage Admin",
|
||
"9": "Agent Presence Local",
|
||
"10": "Agent Presence Remote",
|
||
"11": "Circuit Breaker",
|
||
"12": "Network Time",
|
||
"13": "General Information",
|
||
"14": "Firmware Update",
|
||
"15": "EIT",
|
||
"16": "LocalUN",
|
||
"17": "Endpoint Access Control",
|
||
"18": "Endpoint Access Control Admin",
|
||
"19": "Event Log Reader",
|
||
"20": "Audit Log",
|
||
"21": "ACL Realm",
|
||
"24": "Local System"
|
||
},
|
||
"value": [ "3" ]
|
||
}
|
||
}
|
||
},
|
||
"AMT-Accounts-RemoveDigestUser": {
|
||
"name": "Accounts - Remove Digest User",
|
||
"desc": "Remove a digest user account from Intel AMT",
|
||
"code": "set ToggleAccount \"%%%name%%%\"\r\n\r\n# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountName{i} AMT_AuthorizationService.Body.DigestUsername\r\nset AccountAccess{i} AMT_AuthorizationService.Body.AccessPermission\r\nset AccountRealms{i} AMT_AuthorizationService.Body.Realms\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# Search for a matching account\r\nprint \"Searching accounts...\"\r\nset i 0\r\n:searchAccountLoop-%%%~%%%\r\nset searchHandle AccountHandles.{i}\r\njump :foundAccount AccountName{i} \"=\" ToggleAccount\r\nadd i i 1\r\njump :searchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\njump :end-%%%~%%%\r\n\r\n# Account found, delete it\r\n:foundAccount\r\nprint \"Account {ToggleAccount} found at index {i}, deleting it...\"\r\nset deleteHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{deleteHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"RemoveUserAclEntry\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Done, account {ToggleAccount} deleted.\"\r\nset PullUserInfo 1\r\njump :end\r\n\r\n# End of script\r\njump :end\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
|
||
"vars": {
|
||
"name": {
|
||
"name": "Name",
|
||
"desc": "Name of the user account to remove",
|
||
"type": 1,
|
||
"maxlength": 30,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-Accounts-AddKerberosUser": {
|
||
"name": "Accounts - Add Kerberos User",
|
||
"desc": "Add a new kerberos user account to Intel AMT",
|
||
"code": "# Set kerberos sid value as a byte array string\r\nset KerberosUserString \"%%%sid%%%\"\r\nGetSidByteArray x KerberosUserString\r\nbtoa KerberosUserSid x\r\njsonparse wsargs \"%7B%22KerberosUserSid%22:%22{KerberosUserSid}%22,%22AccessPermission%22:%%%accessPermission%%%,%22Realms%22:[%%%realms%%%]%7D\"\r\nwsexec \"AMT_AuthorizationService\" \"AddUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Account {KerberosUserString} return value: {AMT_AuthorizationService.Body.ReturnValueStr}\"\r\n\r\nset PullUserInfo 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
|
||
"vars": {
|
||
"sid": {
|
||
"name": "Sid",
|
||
"desc": "The Security ID (SID) of the user account to create",
|
||
"type": 1,
|
||
"maxlength": 45,
|
||
"value": ""
|
||
},
|
||
"accessPermission": {
|
||
"name": "Access Permission",
|
||
"desc": "Set account to be local, remote or both",
|
||
"type": 3,
|
||
"values": {
|
||
"0": "Local only",
|
||
"1": "Network only",
|
||
"2": "All (Local & Network)"
|
||
},
|
||
"value": "2"
|
||
},
|
||
"realms": {
|
||
"name": "Realms",
|
||
"desc": "Set account permissions",
|
||
"type": 5,
|
||
"values": {
|
||
"2": "Redirection",
|
||
"3": "PT Administration",
|
||
"4": "Hardware Asset",
|
||
"5": "Remote Control",
|
||
"6": "Storage",
|
||
"7": "Event Manager",
|
||
"8": "Storage Admin",
|
||
"9": "Agent Presence Local",
|
||
"10": "Agent Presence Remote",
|
||
"11": "Circuit Breaker",
|
||
"12": "Network Time",
|
||
"13": "General Information",
|
||
"14": "Firmware Update",
|
||
"15": "EIT",
|
||
"16": "LocalUN",
|
||
"17": "Endpoint Access Control",
|
||
"18": "Endpoint Access Control Admin",
|
||
"19": "Event Log Reader",
|
||
"20": "Audit Log",
|
||
"21": "ACL Realm",
|
||
"24": "Local System"
|
||
},
|
||
"value": [ "3" ]
|
||
}
|
||
}
|
||
},
|
||
"AMT-Accounts-RemoveKerberosUser": {
|
||
"name": "Accounts - Remove Kerberos User",
|
||
"desc": "Remove a digest user account from Intel AMT",
|
||
"code": "GetSidByteArray ToggleAccount \"%%%sid%%%\"\r\nbtoa ToggleAccount ToggleAccount\r\n# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountName{i} AMT_AuthorizationService.Body.KerberosUserSid\r\nset AccountAccess{i} AMT_AuthorizationService.Body.AccessPermission\r\nset AccountRealms{i} AMT_AuthorizationService.Body.Realms\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# Search for a matching account\r\nprint \"Searching accounts...\"\r\nset i 0\r\n:searchAccountLoop-%%%~%%%\r\nset searchHandle AccountHandles.{i}\r\njump :foundAccount AccountName{i} \"=\" ToggleAccount\r\nadd i i 1\r\njump :searchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\njump :end-%%%~%%%\r\n\r\n# Account found, delete it\r\n:foundAccount\r\nprint \"Account %%%sid%%% found at index {i}, deleting it...\"\r\nset deleteHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{deleteHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"RemoveUserAclEntry\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Done, account %%%sid%%% deleted.\"\r\nset PullUserInfo 1\r\njump :end\r\n\r\n# End of script\r\njump :end\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%",
|
||
"vars": {
|
||
"sid": {
|
||
"name": "Sid",
|
||
"desc": "Sid of the user account to remove",
|
||
"type": 1,
|
||
"maxlength": 45,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-Accounts-PrintAll": {
|
||
"name": "Accounts - Print Users",
|
||
"desc": "Display all digest user accounts from Intel AMT",
|
||
"code": "# Fetch all of the account handles\r\nprint \"Fetching account handles...\"\r\njsonparse wsargs \"%7B %22StartIndex%22:1 %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"EnumerateUserAclEntries\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountHandles AMT_AuthorizationService.Body.Handles\r\nset wsargs\r\nset AMT_AuthorizationService\r\nset wsman_result\r\nset wsman_result_str\r\nlength AccountHandlesCount AccountHandles\r\n\r\n# Get all of the account information\r\nprint \"Fetching all account information...\"\r\nset i 0\r\n:fetchAccountLoop-%%%~%%%\r\nset fetchHandle AccountHandles.{i}\r\njsonparse wsargs \"%7B %22Handle%22:{fetchHandle} %7D\"\r\nwsexec \"AMT_AuthorizationService\" \"GetAclEnabledState\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AccountEnabled{i} AMT_AuthorizationService.Body.Enabled\r\nwsexec \"AMT_AuthorizationService\" \"GetUserAclEntryEx\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"AMT-ACCOUNT: {AMT_AuthorizationService.Body.DigestUsername}, {AMT_AuthorizationService.Body.AccessPermission}, [{AMT_AuthorizationService.Body.Realms}]\"\r\nadd i i 1\r\njump :fetchAccountLoop-%%%~%%% i \"<\" AccountHandlesCount\r\nset AMT_AuthorizationService\r\nset fetchHandle\r\nset wsargs\r\n\r\n# End of script\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%"
|
||
},
|
||
"Basic-Add": {
|
||
"name": "Basic - Add",
|
||
"desc": "Add a value to a given variable",
|
||
"code": "add %%%var%%% %%%var%%% %%%value%%%",
|
||
"vars": {
|
||
"var": {
|
||
"name": "Name",
|
||
"desc": "Name of the variable to add to",
|
||
"type": 1,
|
||
"maxlength": 20,
|
||
"value": "SampleVariable"
|
||
},
|
||
"value": {
|
||
"name": "Value",
|
||
"desc": "Value to add to the variable",
|
||
"type": 1,
|
||
"value": "1"
|
||
}
|
||
}
|
||
},
|
||
"Basic-Disconnect": {
|
||
"name": "Basic - Disconnect",
|
||
"desc": "Disconnect from Intel AMT",
|
||
"code": "Disconnect"
|
||
},
|
||
"Basic-JumpLabel": {
|
||
"name": "Basic - Jump Target",
|
||
"desc": "Set a jump label. Other blocks can jump here.",
|
||
"code": ":%%%label%%%",
|
||
"vars": {
|
||
"label": {
|
||
"name": "Label",
|
||
"desc": "Name of the jump target label",
|
||
"type": 1,
|
||
"maxlength": 50,
|
||
"value": "SampleLabel"
|
||
}
|
||
}
|
||
},
|
||
"Basic-Jump": {
|
||
"name": "Basic - Jump",
|
||
"desc": "Jump to a given label",
|
||
"code": "jump :%%%label%%%",
|
||
"vars": {
|
||
"label": {
|
||
"name": "Label",
|
||
"desc": "Name of the jump target label",
|
||
"type": 1,
|
||
"maxlength": 50,
|
||
"value": "SampleLabel"
|
||
}
|
||
}
|
||
},
|
||
"Basic-JumpIf": {
|
||
"name": "Basic - Jump if",
|
||
"desc": "Jump to a given label if the condition is met",
|
||
"code": "jump :%%%label%%% %%%arg1%%% \"%%%comparator%%%\" %%%arg2%%%",
|
||
"vars": {
|
||
"label": {
|
||
"name": "Label",
|
||
"desc": "Name of the jump target label",
|
||
"type": 1,
|
||
"maxlength": 50,
|
||
"value": "SampleLabel"
|
||
},
|
||
"arg1": {
|
||
"name": "arg1",
|
||
"desc": "First variable to compare, use \"x\" for a string",
|
||
"type": 1,
|
||
"value": ""
|
||
},
|
||
"comparator": {
|
||
"name": "Comparator",
|
||
"desc": "How to compare both arguments",
|
||
"type": 3,
|
||
"values": {
|
||
"=": "=",
|
||
"!=": "!=",
|
||
"<": "<",
|
||
">": ">",
|
||
"<=": "<=",
|
||
">=": ">="
|
||
},
|
||
"value": "="
|
||
},
|
||
"arg2": {
|
||
"name": "arg2",
|
||
"desc": "Second variable to compare, use \"x\" for a string",
|
||
"type": 1,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"Basic-Print": {
|
||
"name": "Basic - Print",
|
||
"desc": "Print a string to the console",
|
||
"code": "print \"%%%printstring%%%\"",
|
||
"vars": {
|
||
"printstring": {
|
||
"name": "Value",
|
||
"desc": "String that will be printed to console, use urlescaping for special chars and use {x} to print variable x.",
|
||
"type": 1,
|
||
"value": "Sample String"
|
||
}
|
||
}
|
||
},
|
||
"Basic-ScriptSpeed": {
|
||
"name": "Basic - Script Speed",
|
||
"desc": "Set the speed of the script",
|
||
"code": "scriptspeed %%%delay%%%",
|
||
"vars": {
|
||
"delay": {
|
||
"name": "Delay",
|
||
"desc": "The delay in millisecond between execution of each script step. 200ms is 5 steps per second.",
|
||
"type": 2,
|
||
"maxlength": 4,
|
||
"value": 200
|
||
}
|
||
}
|
||
},
|
||
"Basic-Set": {
|
||
"name": "Basic - Set",
|
||
"desc": "Set a variable to a given value",
|
||
"code": "set %%%var%%% %%%value%%%",
|
||
"vars": {
|
||
"var": {
|
||
"name": "Name",
|
||
"desc": "Name of the variable to set",
|
||
"type": 1,
|
||
"maxlength": 20,
|
||
"value": "SampleVariable"
|
||
},
|
||
"value": {
|
||
"name": "Value",
|
||
"desc": "The new value to set to the variable",
|
||
"type": 1,
|
||
"value": "0"
|
||
}
|
||
}
|
||
},
|
||
"AMT-General-SetUserConsent": {
|
||
"name": "General - Set User Consent",
|
||
"desc": "Set the Intel AMT user consent mode",
|
||
"code": "split ws_optIn_query \"*IPS_OptInService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.IPS_OptInService.response.OptInRequired %%%consentMode%%%\r\nwsput \"IPS_OptInService\" wsman_answer.IPS_OptInService.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
|
||
"vars": {
|
||
"consentMode": {
|
||
"name": "Consent Mode",
|
||
"desc": "Intel AMT user consent mode",
|
||
"type": 3,
|
||
"values": {
|
||
"0": "Not Required",
|
||
"1": "Required for KVM only",
|
||
"0xFFFFFFFF": "Always Required"
|
||
},
|
||
"value": "0"
|
||
}
|
||
}
|
||
},
|
||
"AMT-General-ActiveFeatures": {
|
||
"name": "General - Set Active Features",
|
||
"desc": "Set the Intel AMT active features",
|
||
"code": "split ws_optIn_query \"*AMT_RedirectionService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset wsman_answer.AMT_RedirectionService.response.ListenerEnabled \"%%%listenerEnabled%%%\"\r\nset wsman_answer.AMT_RedirectionService.response.EnabledState \"%%%enabledState%%%\"\r\njsonparse wsargs \"%7B %22RequestedState%22:%22%%%enabledState%%%%22 %7D\"\r\nwsexec \"AMT_RedirectionService\" \"RequestStateChange\" wsargs\r\nwsput \"AMT_RedirectionService\" wsman_answer.AMT_RedirectionService.response\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
|
||
"vars": {
|
||
"listenerEnabled": {
|
||
"name": "Redirection Port",
|
||
"desc": "Enable or disable the Intel AMT redirection port (TCP:16993/16995)",
|
||
"type": 3,
|
||
"values": {
|
||
"true": "Enabled",
|
||
"false": "Disabled"
|
||
},
|
||
"value": "true"
|
||
},
|
||
"enabledState": {
|
||
"name": "SOL/IDER Feature",
|
||
"desc": "Enable or disable the Intel AMT Serial-over-LAN and IDER features",
|
||
"type": 3,
|
||
"values": {
|
||
"32768": "Disabled",
|
||
"32769": "IDER only",
|
||
"32770": "Serial-over-LAN only",
|
||
"32771": "IDER & SOL enabled"
|
||
},
|
||
"value": "32771"
|
||
}
|
||
}
|
||
},
|
||
"AMT-General-GetCoreVersion": {
|
||
"name": "General - Get Version",
|
||
"desc": "Retrieves the Intel AMT release version, prints it to the console and stores it in variable AmtCoreVersion",
|
||
"code": "split ws_general_query \"CIM_SoftwareIdentity\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.CIM_SoftwareIdentity.responses\r\nlength arr_len arr\r\n:loop-%%%~%%%\r\nset curInstanceId arr.{i}.InstanceID\r\njump :AmtCoreVersionFound-%%%~%%% curInstanceId \"=\" \"AMT FW Core Version\"\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\nprint \"Error: Intel AMT version was not found\"\r\njump :end-%%%~%%%\r\n:AmtCoreVersionFound-%%%~%%%\r\nset AmtCoreVersion arr.{i}.VersionString\r\nprint \"Intel AMT version: {AmtCoreVersion}\"\r\n:end-%%%~%%%\r\nset arr\r\nset arr_len\r\nset curInstanceId\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
|
||
},
|
||
"AMT-General-GetPlatformType": {
|
||
"name": "General - Get Platform Type",
|
||
"desc": "Retrieves the platfrom type of the target, prints it to the console and stores it in variable PlatformType",
|
||
"code": "jsonparse sysTypeHmap \"%7B%2232%22:%22Desktop%22,%2233%22:%22Notebook%22%7D\"\r\nsplit ws_general_query \"CIM_ComputerSystem\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_ComputerSystem.responses \"ElementName\" \"Managed System\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset i wsman_answer.CIM_ComputerSystem.responses.{i}.Dedicated\r\nset PlatformType sysTypeHmap.{i}\r\nprint \"Platform Type: {PlatformType}\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Error: couldn't find CIM_ComputerSystem.ElementName = %22Managed System%22\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset sysTypeHmap"
|
||
},
|
||
"AMT-General-GetProvState": {
|
||
"name": "General - Get Provisisoning State",
|
||
"desc": "Retrieves the current Provisioning State of Intel AMT, prints it to the console and stores it in variable AmtProvState",
|
||
"code": "jsonparse provStateHmap \"%7B%220%22:%22Pre%22,%221%22:%22In%22,%222%22:%22Post%22%7D\"\r\nsplit ws_general_query \"*AMT_SetupAndConfigurationService\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset key wsman_answer.AMT_SetupAndConfigurationService.response.ProvisioningState\r\nset AmtProvState provStateHmap.{key}\r\nadd AmtProvState AmtProvState \"-Provisioning\"\r\nprint \"Intel AMT Provisioning State: {AmtProvState}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset provStateHmap\r\nset key"
|
||
},
|
||
"AMT-General-GetProvMode": {
|
||
"name": "General - Get Provisisoning Mode",
|
||
"desc": "Retrieves the current Provisioning Mode of Intel AMT, prints it to the console and stores it in variable AmtProvMode",
|
||
"code": "jsonparse provModeHmap \"%7B%221%22:%22Admin%20Control%20Mode%20(ACM)%22,%222%22:%22Reserved1%22,%223%22:%22Client%20Control%20Mode%20(CCM)%22,%224%22:%22Reserved2%22%7D\"\r\nsplit ws_general_query \"*AMT_SetupAndConfigurationService\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset key wsman_answer.AMT_SetupAndConfigurationService.response.ProvisioningMode\r\nset AmtProvMode provModeHmap.{key}\r\nprint \"Intel AMT Provisioning Mode: {AmtProvMode}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset provModeHmap\r\nset key"
|
||
},
|
||
"AMT-General-PrintUserConsent": {
|
||
"name": "General - Print User Consent",
|
||
"desc": "Display the Intel AMT user consent mode",
|
||
"code": "jsonparse OptInStateEnum \"%7B%220%22:%22Not Required%22,%221%22:%22Required for KVM only%22,%224294967295%22:%22Always Required%22%7D\"\r\nsplit ws_optIn_query \"*IPS_OptInService\" ,\r\nwsbatchenum \"wsman_answer\" ws_optIn_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"User Consent mode: {OptInStateEnum.{wsman_answer.IPS_OptInService.response.OptInRequired}}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n"
|
||
},
|
||
"AMT-General-SetHostname": {
|
||
"name": "General - Set Hostname",
|
||
"desc": "Set the Intel AMT KVM feature to enabled or disabled",
|
||
"code": "split ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-2 wsman_result \"!=\" 200\r\nset wsman_answer.AMT_GeneralSettings.response.HostName \"%%%hostname%%%\"\r\nset wsman_answer.AMT_GeneralSettings.response.DomainName \"%%%domainname%%%\"\r\nwsput \"AMT_GeneralSettings\" wsman_answer.AMT_GeneralSettings.response\r\njump :error-2 wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-2\r\n:error-2\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-2\r\n",
|
||
"vars": {
|
||
"hostname": {
|
||
"name": "Hostname",
|
||
"desc": "The hostname Intel AMT will use while in Sx state",
|
||
"type": 1,
|
||
"maxlength": 30,
|
||
"value": ""
|
||
},
|
||
"domainname": {
|
||
"name": "Domain",
|
||
"desc": "The domain name Intel AMT will use while in Sx state",
|
||
"type": 1,
|
||
"maxlength": 30,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-General-SetPingResponse": {
|
||
"name": "General - Set Ping Response",
|
||
"desc": "Set the Intel AMT response to ICMP and RMCP ping requests",
|
||
"code": "split ws_general_query \"*AMT_GeneralSettings\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-2 wsman_result \"!=\" 200\r\nset wsman_answer.AMT_GeneralSettings.response.PingResponseEnabled \"%%%icmpPingResponse%%%\"\r\nset wsman_answer.AMT_GeneralSettings.response.RmcpPingResponseEnabled \"%%%rmcpPingResponse%%%\"\r\nwsput \"AMT_GeneralSettings\" wsman_answer.AMT_GeneralSettings.response\r\njump :error-2 wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-2\r\n:error-2\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-2\r\n",
|
||
"vars": {
|
||
"icmpPingResponse": {
|
||
"name": "ICMP Ping",
|
||
"desc": "Enable or disable the Intel AMT response to ICMP ping",
|
||
"type": 3,
|
||
"values": {
|
||
"true": "Enabled",
|
||
"false": "Disabled"
|
||
},
|
||
"value": "true"
|
||
},
|
||
"rmcpPingResponse": {
|
||
"name": "RMCP Ping",
|
||
"desc": "Enable or disable the Intel AMT response to RMCP ping",
|
||
"type": 3,
|
||
"values": {
|
||
"true": "Enabled",
|
||
"false": "Disabled"
|
||
},
|
||
"value": "true"
|
||
}
|
||
}
|
||
},
|
||
"AMT-General-GetAmtUuid": {
|
||
"name": "General - Get UUID",
|
||
"desc": "Retrieves the Intel AMT UUID, prints it to the console and stores it in variable AmtUuid",
|
||
"code": "split ws_general_query \"CIM_ComputerSystem\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_ComputerSystem.responses \"ElementName\" \"Managed System\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset AmtUuid wsman_answer.CIM_ComputerSystem.responses.{i}.OtherIdentifyingInfo\r\nprint \"Intel AMT UUID: {AmtUuid}\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Error: couldn't find CIM_ComputerSystem.ElementName = %22Managed System%22\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
|
||
},
|
||
"AMT-KVM-SetState": {
|
||
"name": "KVM - Set State",
|
||
"desc": "Set the Intel AMT KVM feature to enabled or disabled",
|
||
"code": "jsonparse wsargs \"%7B %22RequestedState%22:%22%%%kvmEnabled%%%%22 %7D\"\r\nwsexec \"CIM_KVMRedirectionSAP\" \"RequestStateChange\" wsargs\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
|
||
"vars": {
|
||
"kvmEnabled": {
|
||
"name": "KVM State",
|
||
"desc": "Enable or disable the Intel AMT KVM feature",
|
||
"type": 3,
|
||
"values": {
|
||
"2": "Enabled",
|
||
"3": "Disabled"
|
||
},
|
||
"value": "2"
|
||
}
|
||
}
|
||
},
|
||
"AMT-KVM-SetSessionTimeout": {
|
||
"name": "KVM - Set Session Timeout",
|
||
"desc": "Set the Intel AMT KVM session timeout",
|
||
"vars": {
|
||
"kvmTimeout": {
|
||
"name": "KVM Timeout",
|
||
"desc": "Intel AMT KVM session timeout in minutes",
|
||
"type": "2",
|
||
"value": "4"
|
||
}
|
||
},
|
||
"code": "split ws_general_query \"*IPS_KVMRedirectionSettingData\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset wsman_answer.IPS_KVMRedirectionSettingData.response.SessionTimeout \"%%%kvmTimeout%%%\"\nwsput \"IPS_KVMRedirectionSettingData\" wsman_answer.IPS_KVMRedirectionSettingData.response\njump :error-%%%~%%% wsman_result \"!=\" 200\nset PullSystemStatus \"1\"\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\n\n"
|
||
},
|
||
"AMT-Network-DetectWiredNic": {
|
||
"name": "Network - Wired NIC",
|
||
"desc": "Detects if the platfrom has a wired Intel AMT network interface controller (NIC), logs to the console and stores the result in WiredAmtNic",
|
||
"code": "split ws_general_query \"CIM_EthernetPort\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_EthernetPort.responses \"DeviceID\" \"Intel(r) AMT Ethernet Port 0\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset WiredAmtNic \"true\"\r\nprint \"Wired AMT NIC found: true\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Wired AMT NIC found: false\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
|
||
},
|
||
"AMT-Network-DetectWifiNic": {
|
||
"name": "Network - Wireless NIC",
|
||
"desc": "Detects if the platfrom has a WiFi interface, logs to the console and stores the result in WiFiAmtNic",
|
||
"code": "split ws_general_query \"CIM_EthernetPort\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i -1\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\ngetitem i wsman_answer.CIM_EthernetPort.responses \"DeviceID\" \"Intel(r) AMT Ethernet Port 1\"\r\njump :amtCoreError-%%%~%%% i \"<\" 0\r\nset WiFiAmtNic \"true\"\r\nprint \"WiFi AMT NIC found: true\"\r\njump :end-%%%~%%%\r\n:amtCoreError-%%%~%%%\r\nprint \"Wifi AMT NIC found: false\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset i\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
|
||
},
|
||
"AMT-Network-GetAmtFqdn": {
|
||
"name": "Network - Get FQDN",
|
||
"desc": "Retrieves the FQDN of Intel AMT, prints it to the console and stores it in variable AmtFqdn",
|
||
"code": "split ws_general_query \"*AMT_GeneralSettings\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset AmtFqdn wsman_answer.AMT_GeneralSettings.response.HostName\r\nadd AmtFqdn AmtFqdn \".\"\r\nadd AmtFqdn AmtFqdn wsman_answer.AMT_GeneralSettings.response.DomainName\r\nprint \"Intel AMT FQDN: {AmtFqdn}\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result"
|
||
},
|
||
"AMT-Network-AddEnvDetection": {
|
||
"name": "Network - Set Environment Detection",
|
||
"desc": "Configures the DNS information that will be used by Intel AMT to dynamically determine the network it is operating in",
|
||
"code": "# *** Validate user input ***\r\nprint \"INFO: Parsing block parameters\"\r\njump :EMPTY_DETECTIONSTR-%%%~%%% \"%%%DetectionStrings%%%\" \"=\" \"\"\r\nsplit arrDetectionStrings \"%%%DetectionStrings%%%\" \",\"\r\nsplit arrDetectionIPv6LocalPrefixes \"%%%DetectionIPv6LocalPrefixes%%%\" \",\"\r\nprint \"INFO: Setting Environment Detection\"\r\nsplit ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\r\njump :DetectionStringsDefined-%%%~%%% envDetectionInstance.DetectionStrings \"!=\"\r\nset envDetectionInstance.DetectionStrings arrDetectionStrings\r\njump :SET_IPV6_PREFIX-%%%~%%%\r\n:DetectionStringsDefined-%%%~%%%\r\nadd arrDetectionStrings \",\" arrDetectionStrings\r\nadd envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings arrDetectionStrings\r\nmaketoarray envDetectionInstance.DetectionStrings envDetectionInstance.DetectionStrings\r\nlength arrDetectionStringsLen envDetectionInstance.DetectionStrings\r\njump :INVALID_LEN_DetectionStrings-%%%~%%% arrDetectionStringsLen \">\" \"5\"\r\n:SET_IPV6_PREFIX-%%%~%%%\r\njump :IPv6StringsDefined-%%%~%%% envDetectionInstance.DetectionIPv6LocalPrefixes \"!=\"\r\njump :EMPTY_IPV6PRFX \"%%%DetectionIPv6LocalPrefixes%%%\" \"=\" \"\" \r\nset envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\njump :CALL_WSPUT-%%%~%%%\r\n:IPv6StringsDefined-%%%~%%%\r\nadd arrDetectionIPv6LocalPrefixes \",\" arrDetectionIPv6LocalPrefixes\r\nadd envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes arrDetectionIPv6LocalPrefixes\r\nmaketoarray envDetectionInstance.DetectionIPv6LocalPrefixes envDetectionInstance.DetectionIPv6LocalPrefixes\r\n:EMPTY_IPV6PRFX\r\nlength arrDetectionIPv6LocalPrefixesLen envDetectionInstance.DetectionIPv6LocalPrefixes\r\njump :INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%% arrDetectionIPv6LocalPrefixesLen \">\" \"5\"\r\n:CALL_WSPUT-%%%~%%%\r\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"INFO: Environment Detection set successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionStrings-%%%~%%%\r\nprint \"ERROR: detection strings count must be at most 5\"\r\njump :end-%%%~%%%\r\n:INVALID_LEN_DetectionIPv6LocalPrefixes-%%%~%%%\r\nprint \"ERROR: IPv6 prefixes count must be at most 5\"\r\njump :end-%%%~%%%\r\n:EMPTY_DETECTIONSTR-%%%~%%%\r\nprint \"ERROR: %22Detection Strings%22 field cannot be empty, aborting operation...\"\r\n:end-%%%~%%%\r\n set PullRemoteAccess \"1\"\r\nset AMT_EnvironmentDetectionSettingData\r\nset arrDetectionIPv6LocalPrefixes\r\nset arrDetectionStrings\r\nset envDetectionInstance\r\nset ws_general_query\r\nset wsman_answer \r\nset wsman_result",
|
||
"vars": {
|
||
"DetectionStrings": {
|
||
"name": "Detection Strings",
|
||
"desc": "A comma separated list of up to 4 strings to use in the environment detection algorithm (e.g. intel.com,contoso.com)",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"DetectionIPv6LocalPrefixes": {
|
||
"name": "IPv6 Local Prefixes",
|
||
"desc": "A comma separated list of IPv6 local prefixes (strings) to use independently of or in conjunction with Detection Strings. (e.g. 1234::/64,4321::/46)",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-Network-ClearEnvDetection": {
|
||
"name": "Network - Clear Environment Detection",
|
||
"desc": "Clears the DNS information that is used by Intel AMT to dynamically determine the network it is operating in",
|
||
"vars": {},
|
||
"code": "split ws_general_query \"*AMT_EnvironmentDetectionSettingData\" \",\"\nwsbatchenum \"wsman_answer\" ws_general_query\nset envDetectionInstance wsman_answer.AMT_EnvironmentDetectionSettingData.response\nset envDetectionInstance.DetectionStrings undefined\nwsput \"AMT_EnvironmentDetectionSettingData\" envDetectionInstance\njump :error-%%%~%%% wsman_result \"==\" 200\nprint \"Cleared environment detection\"\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"ERROR: WSMAN call failed: {wsman_result_str}\"\njump :end-%%%~%%%\n:end-%%%~%%%\nset envDetectionInstance\nset ws_general_query\nset AMT_EnvironmentDetectionSettingData\nset PullRemoteAccess \"1\"\nset wsman_answer \nset wsman_result\n"
|
||
},
|
||
"AMT-Power-PowerAction": {
|
||
"name": "Power - Power Action",
|
||
"desc": "Perform an Intel AMT power action",
|
||
"code": "set ManagedElementXml \"%3CAddress xmlns=\\%22http://schemas.xmlsoap.org/ws/2004/08/addressing\\%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters xmlns=\\%22http://schemas.xmlsoap.org/ws/2004/08/addressing\\%22%3E%3CResourceURI xmlns=\\%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\\%22%3Ehttp://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ComputerSystem%3C/ResourceURI%3E%3CSelectorSet xmlns=\\%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\\%22%3E%3CSelector Name=\\%22CreationClassName\\%22%3ECIM_ComputerSystem%3C/Selector%3E%3CSelector Name=\\%22Name\\%22%3EManagedSystem%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njsonparse wsargs \"%7B %22PowerState%22:%22%%%powerAction%%%%22, %22ManagedElement%22:%22{ManagedElementXml}%22 %7D\"\r\nset ManagedElementXml\r\nwsexec \"CIM_PowerManagementService\" \"RequestPowerStateChange\" wsargs\r\nset wsargs\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nset PullSystemStatus \"1\"\r\nprint \"Power action completed\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\n",
|
||
"vars": {
|
||
"powerAction": {
|
||
"name": "Power Action",
|
||
"desc": "Indicate the power action to perform",
|
||
"type": 3,
|
||
"values": {
|
||
"2": "Power on",
|
||
"5": "Power cycle",
|
||
"8": "Power down",
|
||
"10": "Reset"
|
||
},
|
||
"value": "2"
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-AddMpsServerFqdnCert": {
|
||
"name": "Remote - Add MPS FQDN/Cert",
|
||
"desc": "Add a new CIRA server (MPS) using the server's hostname and authentication using certificate",
|
||
"code": "# Get the input from user for the CN to look for\r\n# Get available certificates\r\nsplit ws_general_query \"AMT_PublicKeyCertificate\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nlength wsman_ans_length wsman_answer.AMT_PublicKeyCertificate.responses\r\nset i 0\r\n:loop_ans-%%%~%%%\r\n# Get the current subject name\r\nset curSubject wsman_answer.AMT_PublicKeyCertificate.responses.{i}.Subject\r\nIndexOf pos curSubject \"CN=%%%CN%%%\" \r\njump :cnFound-%%%~%%% pos \">=\" 0\r\nadd i i 1\r\njump :loop_ans-%%%~%%% i \"<\" wsman_ans_length\r\njump :cnNotFound-%%%~%%%\r\n:cnFound-%%%~%%%\r\n# Set the reference to the certificate\r\nset certInstanceId wsman_answer.AMT_PublicKeyCertificate.responses.{i}.InstanceID\r\nset certHandle \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22InstanceID%22%3E{certInstanceId}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%FQDN%%%%22,%22InfoFormat%22:%22201%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%221%22%7D\"\r\nset wsargs.Certificate certHandle\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:cnNotFound-%%%~%%%\r\nprint \"Couldn't find a certificate matching the value of CN=%%%CN%%%\"\r\n:error-%%%~%%%\r\nprint \"Call failed with error {wsman_result}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
|
||
"vars": {
|
||
"FQDN": {
|
||
"name": "MPS Hostname",
|
||
"desc": "The Fully Qualified Domain Name of the MPS to add",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Port": {
|
||
"name": "Port Number",
|
||
"desc": "The MPS server port number",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": ""
|
||
},
|
||
"CN": {
|
||
"name": "Certificate CN",
|
||
"desc": "The common name of the authentication certificate",
|
||
"type": 1,
|
||
"maxlength": 100,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-AddMpsServerFqdnUpa": {
|
||
"name": "Remote - Add MPS FQDN/User",
|
||
"desc": "Add a new CIRA server (MPS) using the server's hostname authentication using username/password",
|
||
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%FQDN%%%%22,%22InfoFormat%22:201,%22Port%22:%%%Port%%%,%22AuthMethod%22:2,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
|
||
"vars": {
|
||
"FQDN": {
|
||
"name": "MPS Hostname",
|
||
"desc": "The Fully Qualified Domain Name of the MPS to add",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Port": {
|
||
"name": "Port Number",
|
||
"desc": "The MPS server port number",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": ""
|
||
},
|
||
"username": {
|
||
"name": "Username",
|
||
"desc": "A Username to be used for the connection with the MPS",
|
||
"type": 1,
|
||
"maxlength": 16,
|
||
"value": ""
|
||
},
|
||
"password": {
|
||
"name": "Password",
|
||
"desc": "The Password matching the username above",
|
||
"type": 4,
|
||
"maxlength": 16,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-AddMpsIpCertServer": {
|
||
"name": "Remote - Add MPS IP/Cert",
|
||
"desc": "Add a new CIRA server (MPS) using the server's IP address and authentication using certificate",
|
||
"code": "# Get the input from user for the CN to look for\r\n# Get available certificates\r\nsplit ws_general_query \"AMT_PublicKeyCertificate\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nlength wsman_ans_length wsman_answer.AMT_PublicKeyCertificate.responses\r\nset i 0\r\n:loop_ans-%%%~%%%\r\n# Get the current subject name\r\nset curSubject wsman_answer.AMT_PublicKeyCertificate.responses.{i}.Subject\r\nIndexOf pos curSubject \"CN=%%%CN%%%\" \r\njump :cnFound-%%%~%%% pos \">=\" 0\r\nadd i i 1\r\njump :loop_ans-%%%~%%% i \"<\" wsman_ans_length\r\njump :cnNotFound-%%%~%%%\r\n:cnFound-%%%~%%%\r\n# Set the reference to the certificate\r\nset certInstanceId wsman_answer.AMT_PublicKeyCertificate.responses.{i}.InstanceID\r\nset certHandle \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_PublicKeyCertificate%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22InstanceID%22%3E{certInstanceId}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%221%22%7D\"\r\nset wsargs.Certificate certHandle\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:cnNotFound-%%%~%%%\r\nprint \"Couldn't find a certificate matching the value of CN=%%%CN%%%\"\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset certHandle\r\nset curSubject\r\nset i\r\nset pos\r\nset ws_general_query\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset certInstanceId\r\nset wsman_ans_length",
|
||
"vars": {
|
||
"IP": {
|
||
"name": "IPv4 Address",
|
||
"desc": "The IPv4 address of the MPS server",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Port": {
|
||
"name": "Port Number",
|
||
"desc": "The MPS server port number",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": ""
|
||
},
|
||
"ServerName": {
|
||
"name": "Server Name",
|
||
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"CN": {
|
||
"name": "Certificate CN",
|
||
"desc": "The common name of the authentication certificate",
|
||
"type": 1,
|
||
"maxlength": 100,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-AddMpsIpUpa": {
|
||
"name": "Remote - Add MPS IP/User",
|
||
"desc": "Add a new CIRA server (MPS) using the servers IP address and authenticating using a username/password",
|
||
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22AccessInfo%22:%22%%%IP%%%%22,%22InfoFormat%22:%223%22,%22Port%22:%%%Port%%%,%22AuthMethod%22:%222%22,%22Username%22:%22%%%username%%%%22,%22Password%22:%22%%%password%%%%22%7D\"\r\nset wsargs.CN \"%%%ServerName%%%\"\r\n# Execute call to AddMpServer\r\nwsexec \"AMT_RemoteAccessService\" \"AddMpServer\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Management Prescence Server (MPS) successfully added to the Intel(R) AMT Subsystem\"\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset AMT_RemoteAccessService\r\nset wsargs\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset wsman_ans_length",
|
||
"vars": {
|
||
"IP": {
|
||
"name": "IPv4 Address",
|
||
"desc": "The IPv4 address of the MPS server",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Port": {
|
||
"name": "Port Number",
|
||
"desc": "The MPS server port number",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": ""
|
||
},
|
||
"ServerName": {
|
||
"name": "Server Name",
|
||
"desc": "The server name, this must be the exact Common Name in the MPS server certificate",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"username": {
|
||
"name": "Username",
|
||
"desc": "A Username to be used for the connection with the MPS",
|
||
"type": 1,
|
||
"maxlength": 16,
|
||
"value": ""
|
||
},
|
||
"password": {
|
||
"name": "Password",
|
||
"desc": "The Password matching the username above",
|
||
"type": 4,
|
||
"maxlength": 16,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-Remove-MPS": {
|
||
"name": "Remote - Remove MPS",
|
||
"desc": "Remove MPS identified by its IP/FQDN and port",
|
||
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :mpsFound-%%%~%%% curAccessInfo \"=\" \"%%%AccessInfo%%%:%%%Port%%%\"\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\nprint \"No MPS was found matching the input parameters\"\r\njump :end-%%%~%%%\r\n:mpsFound-%%%~%%%\r\nprint \"Found matching MPS, starting removal process\"\r\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\r\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\r\n:end-%%%~%%%\r\nset AMT_ManagementPresenceRemoteSAP\r\nset arr\r\nset curAccessInfo\r\nset i\r\nset instanceName\r\nset selector\r\nset ws_general_query\r\nset wsman_answer\r\nset wsman_result\r\nset wsman_result_str\r\nset arr_len\r\nset PullRemoteAccess 1",
|
||
"vars": {
|
||
"AccessInfo": {
|
||
"name": "FQDN/Address",
|
||
"desc": "The FQDN/IPv4 address of the MPS server to be deleted",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Port": {
|
||
"name": "Port Number",
|
||
"desc": "The MPS server port number",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": ""
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-RemoveAll-MPS": {
|
||
"name": "Remote - Remove All MPS",
|
||
"desc": "Remove all MPS",
|
||
"vars": {},
|
||
"code": "split ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\nset i 0\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\nLength arr_len arr\n:loop-%%%~%%%\nset instanceName wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\nset selector \"%3Cw:SelectorSet%3E%3Cw:Selector%20Name=%22Name%22%3E{instanceName}%3C/w:Selector%3E%3C/w:SelectorSet%3E\"\nwsdelete \"AMT_ManagementPresenceRemoteSAP\" selector\nadd i i 1\njump :loop-%%%~%%% i \"<\" arr_len\n:end-%%%~%%%\nset AMT_ManagementPresenceRemoteSAP\nset arr\nset i\nset instanceName\nset selector\nset ws_general_query\nset wsman_answer\nset wsman_result\nset wsman_result_str\nset arr_len\nset PullRemoteAccess 1\n"
|
||
},
|
||
"AMT-RemoteAccess-AddRemoteAccessPolicyRule": {
|
||
"name": "Remote - Add Trigger (User / Alert)",
|
||
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
|
||
"code": "# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%220%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\n# *** Verify valid input ***\r\njump :VALID_INPUT \"%%%AccessInfo1%%%\" \"!=\" \"\"\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:VALID_INPUT\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"INFO: Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer",
|
||
"vars": {
|
||
"AccessInfo1": {
|
||
"name": "MPS 1 Address",
|
||
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"AccessInfo2": {
|
||
"name": "MPS 2 Address",
|
||
"desc": "Optional, leave empty value if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Trigger": {
|
||
"name": "Trigger",
|
||
"desc": "The event that will trigger the establishment of the remote connection to the MPS.",
|
||
"type": 3,
|
||
"values": {
|
||
"0": "User Initiated",
|
||
"1": "Alert"
|
||
},
|
||
"value": "0"
|
||
},
|
||
"tLifeTime": {
|
||
"name": "Tunnel Lifetime",
|
||
"desc": "Defines the tunnel<65>s lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the server, the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": "0"
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-AddRemoteAccessPolicyRule2": {
|
||
"name": "Remote - Add Trigger (Periodic)",
|
||
"desc": "Set a remote access trigger policy, used to establish a secure tunnel between a management console and the Intel AMT platform.",
|
||
"code": "# *** Verify valid input ***\r\nsplit period_arr \"%%%Period%%%\" \":\"\r\nlength period_arr_len period_arr\r\njump :INVALID_ARG_AccessInfo1 \"%%%AccessInfo1%%%\" \"=\" \"\"\r\njump :DailyPeriod \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_PeriodType \"%%%PeriodType%%%\" \"!=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_Period period_arr.0 \">\" \"4294967295\"\r\nIntToStr extendedData \"0\"\r\nIntToStr bPeriod period_arr.0\r\nadd extendedData extendedData bPeriod\r\njump :SET_PERIOD\r\n:DailyPeriod\r\njump :INVALID_PeriodType period_arr_len \"!=\" \"2\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \"<=\" \"0\"\r\njump :INVALID_ARG_PeriodDaily period_arr.0 \">\" \"23\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \">\" \"59\"\r\njump :INVALID_ARG_PeriodDaily period_arr.1 \"<=\" \"0\"\r\nIntToStr extendedData \"1\"\r\nIntToStr bPeriodHour period_arr.0\r\nIntToStr bPeriodMinute period_arr.1\r\nadd extendedData extendedData bPeriodHour\r\nadd extendedData extendedData bPeriodMinute\r\njump :SET_PERIOD\r\n:INVALID_PeriodType\r\nprint \"ERROR: The period type and value must correspond, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_PeriodDaily\r\nprint \"ERROR: Field %22Period%22 must be a value HH:MM 0<=HH<24 && 0<=MM<60, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_AccessInfo1\r\nprint \"ERROR: Field %22AccessInfo1%22 must not be empty, aborting operation...\"\r\njump :end-%%%~%%%\r\n:INVALID_ARG_Period\r\nprint \"ERROR: Field %22Period%22 must be a value 0<=t<MAX_INT, aborting operation...\"\r\njump :end-%%%~%%%\r\n:SET_PERIOD\r\n# *** Prepare arguments for AMT_RemoteAccessService.AddRemoteAccessPolicyRule ***\r\njsonparse ws_args \"%7B%22Trigger%22:%222%22,%22TunnelLifeTime%22:%22%%%tLifeTime%%%%22%7D\"\r\nbtoa extendedData extendedData\r\nset ws_args.ExtendedData extendedData\r\n# *** Set a EPR selector matching user input ***\r\nsplit ws_general_query \"AMT_ManagementPresenceRemoteSAP\" ,\r\nwsbatchenum \"wsman_answer\" ws_general_query\r\nset i 0\r\nset arr wsman_answer.AMT_ManagementPresenceRemoteSAP.responses\r\nLength arr_len arr\r\nset mpsEpr1 \"*\"\r\nset mpsEpr2 \"*\"\r\n:loop-%%%~%%%\r\nset curAccessInfo arr.{i}.AccessInfo\r\nadd curAccessInfo curAccessInfo \":\"\r\nadd curAccessInfo curAccessInfo arr.{i}.Port\r\njump :MPS1_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo1%%%\"\r\nset mpsEpr1 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (primary) mps: {mpsEpr1}\"\r\njump :MPS2_NOTSET \"%%%AccessInfo2%%%\" \"=\" \"\"\r\n:MPS1_NO_MATCH\r\njump :MPS2_NO_MATCH curAccessInfo \"!=\" \"%%%AccessInfo2%%%\"\r\nset mpsEpr2 wsman_answer.AMT_ManagementPresenceRemoteSAP.responses.{i}.Name\r\nprint \"INFO: Found matching (secondary) mps: {mpsEpr2}\"\r\n:MPS2_NO_MATCH\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" arr_len\r\n:MPS2_NOTSET\r\njump :MPS1_FOUND mpsEpr1 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo1%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS1_FOUND\r\njump :MPS2_FOUND \"%%%AccessInfo2%%%\" \"=\" \"\"\r\njump :MPS2_FOUND mpsEpr2 \"!=\" \"*\"\r\nprint \"ERROR: MPS server: %22%%%AccessInfo2%%%%22 could not be found, aborting operation...\"\r\njump :end-%%%~%%%\r\n:MPS2_FOUND\r\nprint \"INFO: Setting policy...\"\r\njsonparse ws_args.MpServer \"%7B%7D\"\r\nset MpServer \"%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr1}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\njump :SKIP_ADD_MPS2 \"%%%AccessInfo2%%%\" \"=\" \"\"\r\nadd MpServer MpServer \"|%3CAddress%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3Ehttp://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous%3C/Address%3E%3CReferenceParameters%20xmlns=%22http://schemas.xmlsoap.org/ws/2004/08/addressing%22%3E%3CResourceURI%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3Ehttp://intel.com/wbem/wscim/1/amt-schema/1/AMT_ManagementPresenceRemoteSAP%3C/ResourceURI%3E%3CSelectorSet%20xmlns=%22http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd%22%3E%3CSelector%20Name=%22Name%22%3E{mpsEpr2}%3C/Selector%3E%3C/SelectorSet%3E%3C/ReferenceParameters%3E\"\r\n:SKIP_ADD_MPS2\r\nsplit ws_args.MpServer MpServer \"|\"\r\n# *** Call AMT_RemoteAccessService.AddRemoteAccessPolicyRule with policy details. ***\r\nwsexec \"AMT_RemoteAccessService\" \"AddRemoteAccessPolicyRule\" ws_args selector\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"Policy addedd successfully\"\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"WSMAN call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset PullRemoteAccess 1\r\nset mpsEpr1\r\nset mpsEpr2\r\nset i\r\nset curAccessInfo\r\nset arr_len\r\nset MpServer\r\nset arr\r\nset AMT_RemoteAccessService\r\nset wsman_result\r\nset wsman_result_str\r\nset ws_args\r\nset ws_general_query\r\nset wsman_answer\r\nset bPeriod\r\nset extendedData\r\nset period_arr\r\nset period_arr_len\r\nset bPeriodHour\r\nset bPeriodMinute",
|
||
"vars": {
|
||
"AccessInfo1": {
|
||
"name": "MPS 1 Address",
|
||
"desc": "The FQDN/IPv4 & Port of the MPS targeted for this policy. (e.g. mps1.mydomain.com:1234, 1.2.3.4:2233)",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"AccessInfo2": {
|
||
"name": "MPS 2 Address",
|
||
"desc": "Optional, leave empty if not applicable. Sames as above. In case you wish to apply this policy to 2 (two) mps instances",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"PeriodType": {
|
||
"name": "Interval Type",
|
||
"desc": "Defines the idle periods of the connection. Data can be in one of two formats: periodic interval (seconds) or daily interval (HH:MM).",
|
||
"type": 3,
|
||
"values": {
|
||
"0": "Periodic (Seconds)",
|
||
"1": "Daily (HH:MM)"
|
||
},
|
||
"value": "0"
|
||
},
|
||
"Period": {
|
||
"name": "Interval Value",
|
||
"desc": "Set the interval to an integer value (0 <= t < MAX_INT in seconds) or a time format (HH:MM s.t 0 <= HH < 24, 0 <= MM < 60) depending on the selection above",
|
||
"type": 1,
|
||
"maxlength": 11,
|
||
"value": ""
|
||
},
|
||
"tLifeTime": {
|
||
"name": "Tunnel Lifetime",
|
||
"desc": "Defines the tunnel<65>s lifetime in seconds. A value of 0 means that the tunnel should stay open until it is closed by the CloseRemoteAccessConnection method or when a different policy with a higher priority needs to be processed.",
|
||
"type": 2,
|
||
"maxlength": 5,
|
||
"value": "0"
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-RemoveAccessPolicyRule": {
|
||
"name": "Remote - Remove Trigger",
|
||
"desc": "Removes the remote access trigger policies",
|
||
"code": "jsonparse hMapPolicies \"%7B%220%22:%20%22User%20Initiated%22,%09%221%22:%20%22Alert%22,%20%222%22:%20%22Periodic%22%7D\"\r\nsplit policiesArr \"%%%policies%%%\" \",\"\r\nlength policiesArrLen policiesArr\r\nset i 0\r\n:loop-%%%~%%%\r\nset curPolicy hMapPolicies.{policiesArr.{i}}\r\njsonparse ws_args \"%7B%22PolicyRuleName%22:%22{curPolicy}%22%7D\"\r\nwsdelete \"AMT_RemoteAccessPolicyRule\" ws_args\r\nadd i i 1\r\njump :loop-%%%~%%% i \"<\" policiesArrLen\r\nprint \"INFO: Policies removed successfully\"\r\nset PullRemoteAccess 1\r\nset AMT_RemoteAccessPolicyRule\r\nset curPolicy\r\nset hMapPolicies\r\nset i\r\nset policiesArr\r\nset policiesArrLen\r\nset ws_args\r\nset wsman_result",
|
||
"vars": {
|
||
"policies": {
|
||
"name": "Policies",
|
||
"desc": "Set policies to be removed",
|
||
"type": 5,
|
||
"values": {
|
||
"0": "User Initiated",
|
||
"1": "Alert",
|
||
"2": "Periodic"
|
||
},
|
||
"value": [ "" ]
|
||
}
|
||
}
|
||
},
|
||
"AMT-RemoteAccess-SetUserInterface": {
|
||
"name": "Remote - Set User Initiation",
|
||
"desc": "A local or user or application may initiation the Intel AMT Client Initiation Remote Access (CIRA) connection to the server. Use this script block to enabled or disable this feature.",
|
||
"code": "# Set method parameters\r\njsonparse wsargs \"%7B%22RequestedState%22:%22%%%ReqState%%%%22%7D\"\r\njsonparse EnumState \"%7B%2232768%22:%22Disabled%22,%2232769%22:%22BIOS Enabled%22,%2232770%22:%22OS enable%22,%2232771%22:%22BIOS & OS Enabed%22%7D\"\r\n# Execute call to change the state\r\nwsexec \"AMT_UserInitiatedConnectionService\" \"RequestStateChange\" wsargs \"\"\r\njump :error-%%%~%%% wsman_result \"!=\" 200\r\nprint \"SUCCESS: Remote Access user interfaces set to: {EnumState.%%%ReqState%%%}\"\r\n\r\nset PullRemoteAccess 1\r\njump :end-%%%~%%%\r\n:error-%%%~%%%\r\nprint \"Call failed: {wsman_result_str}\"\r\n:end-%%%~%%%\r\nset wsargs\r\nset wsman_result\r\nset wsman_result_str\r\nset EnumState\r\nset AMT_UserInitiatedConnectionService",
|
||
"vars": {
|
||
"ReqState": {
|
||
"name": "User Initiation",
|
||
"desc": "Select the configuration to be set for Remote Access user initiated interface",
|
||
"type": 3,
|
||
"values": {
|
||
"32768": "Disabled",
|
||
"32769": "BIOS only",
|
||
"32770": "OS only",
|
||
"32771": "BIOS & OS"
|
||
},
|
||
"value": "32771"
|
||
}
|
||
}
|
||
},
|
||
|
||
"AMT-Security-AddCertificate": {
|
||
"name": "Security - Add Certificate",
|
||
"desc": "Add a trusted or chain certificate to Intel AMT certificate store.",
|
||
"code": "jsonparse wsargs \"%7B%7D\"\r\nset wsargs.CertificateBlob \"%%%CertBin%%%\"\r\njump :certroot %%%CertType%%% \"=\" 1\r\nprint \"Adding certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\r\njump :certdone\r\n:certroot\r\nprint \"Adding root certificate...\"\r\nwsexec \"AMT_PublicKeyManagementService\" \"AddTrustedRootCertificate\" wsargs\r\n:certdone\r\nset wsargs\r\nset AMT_PublicKeyManagementService\r\nset PullCertificates 1\r\n",
|
||
"vars": {
|
||
"CertType": {
|
||
"name": "Certificate Type",
|
||
"desc": "Select if this is a certificate that should be used by Intel AMT as trusted root.",
|
||
"type": 3,
|
||
"values": {
|
||
"0": "Chain Certificate",
|
||
"1": "Trusted Root Certificate"
|
||
},
|
||
"value": "0"
|
||
},
|
||
"CertBin": {
|
||
"name": "Certificate",
|
||
"desc": "A .cer file, this is the certificate that will be uploaded to Intel AMT.",
|
||
"type": 6
|
||
}
|
||
}
|
||
},
|
||
"AMT-Security-IssueUntrustedCertificate": {
|
||
"name": "Security - Issue Untrusted Certificate",
|
||
"desc": "Create a run Intel AMT certificate with private key that is signed by an untrusted dummy root.",
|
||
"code": "jump :certificateSupport-%%%~%%% _certificates \"=\" 1\nprint \"ERROR: No certificate support, this script block can't run in thei environment\"\njump :end2-%%%~%%%\n:certificateSupport-%%%~%%%\n\nset CommonName \"%%%CommonName%%%\"\"\nlength x CommonName \njump :skipSetCommonName-%%%~%%% x \"!=\" 0\n\nsplit ws_general_query \"*AMT_GeneralSettings\" ,\nwsbatchenum \"wsman_answer\" ws_general_query\njump :error-%%%~%%% wsman_result \"!=\" 200\nset CommonName \"{wsman_answer.AMT_GeneralSettings.response.HostName}\"\nlength x CommonName \njump :skipSetDomainName-%%%~%%% x \"=\" 0\nset CommonName \"{wsman_answer.AMT_GeneralSettings.response.HostName}.{wsman_answer.AMT_GeneralSettings.response.DomainName}\"\n:skipSetDomainName-%%%~%%%\n:skipSetCommonName-%%%~%%%\n\njsonparse certattributes \"%7B %22CN%22:%22{CommonName}%22, %22O%22:%22%%%Organization%%%%22, %22ST%22:%22%%%StateProvince%%%%22, %22C%22:%22%%%Country%%%%22 %7D\"\njsonparse wsargs \"%7B %22KeyAlgorithm%22:%220%22, %22KeyLength%22:%222048%22 %7D\"\nwsexec \"AMT_PublicKeyManagementService\" \"GenerateKeyPair\" wsargs\njump :error-%%%~%%% wsman_result \"!=\" 200\nset selector AMT_PublicKeyManagementService.Body.KeyPair.ReferenceParameters.SelectorSet.Selector.Value\nsplit ws_query \"AMT_PublicPrivateKeyPair\" ,\nwsbatchenum \"wsman_answer\" ws_query\njump :error-%%%~%%% wsman_result \"!=\" 200\ngetitem i wsman_answer.AMT_PublicPrivateKeyPair.responses \"InstanceID\" selector\nset DERKey wsman_answer.AMT_PublicPrivateKeyPair.responses.{i}.DERKey\nsignwithdummyca DERKey certattributes\njsonparse wsargs \"%7B %22CertificateBlob%22:%22{signed_cert}%22 %7D\"\nwsexec \"AMT_PublicKeyManagementService\" \"AddCertificate\" wsargs\njump :error-%%%~%%% wsman_result \"!=\" 200\njump :end-%%%~%%%\n:error-%%%~%%%\nprint \"Call failed: {wsman_result_str}\"\n:end-%%%~%%%\nset PullCertificates 1\n:end2-%%%~%%%\n\nset i\nset x\nset wsman_answer\nset selector\nset AMT_PublicKeyManagementService\nset ws_query\nset AMT_PublicKeyManagementService\nset DERKey\nset wsargs\n",
|
||
"vars": {
|
||
"CommonName": {
|
||
"name": "Common Name",
|
||
"desc": "Common name of the certificate, leave blank to use the Intel AMT host and domain name",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Organization": {
|
||
"name": "Organization",
|
||
"desc": "Certificate organization name",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"StateProvince": {
|
||
"name": "State/Province",
|
||
"desc": "Certificate state or province name",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
},
|
||
"Country": {
|
||
"name": "Country",
|
||
"desc": "Certificate country name",
|
||
"type": 1,
|
||
"maxlength": 255,
|
||
"value": ""
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|